Reports of a phishing scam that impersonates the official Web site of Shinsei Bank in Japan surfaced last July 12 but several reports of this scam were received again last July 25. The 25th of July, of course, coincides with the payday of many companies in Japan, making this scam look like a planned and carefully executed attack.
The screenshot below is an example of the email message that invites target users to click on a link that is going to direct them to the said phishing site:
It is puzzling however why the content is written in English when the target recipients are presumably Japanese people who have accounts in Shinsei Bank.
Confirmed subject titles of the phishing email so far are the following:
- Lock your Shinsei Bank Online Access!
- Suspend your account!
- We regret to inform you!
The given link looks exactly like a legitimate URL of Shinsei Bank. The phisher, however, manipulated the HTML tag where the displayed URL connects to so as to direct the recipient to the malicious site.